CCNP Enterprise Advanced

Routing Official Guide

Questions and Answers
 Chapter 1 : IPv4/IPv6 Addressing and Routing Review

Chapter 1 : IPv4/IPv6 Addressing and Routing Review

1. What occurs when a PC with the IP address 10.1.1.27/28 needs to communicate

with a PC that has IP address 10.1.1.18? (Choose two.)

a. It sends the frame to its default gateway.

b. It sends the frame directly to the destination PC.

c. It uses ARP to get the MAC address of the default gateway.

d. It uses ARP to get the MAC address of the destination PC.

Answer : B and D

2. What occurs when a PC with the IP address 10.1.1.27/29 needs to communicate

with a PC that has IP address 10.1.1.18? (Choose two.)

a. It sends the frame to its default gateway.

b. It sends the frame directly to the destination PC.

c. It uses ARP to get the MAC address of the default gateway.

d. It uses ARP to get the MAC address of the destination PC.

Answer : A and C

3. Which command enables you to verify the IP address configured on a router’s

interface?

a. ipconfig

b. show ip interface

c. arp -a

d. show ip arp

Answer : B

4. What is the correct order of operations for the DHCP for IPv4 process?

a. Offer, Request, Ack, Discover

b. Discover, Request, Ack, Offer

c. Request, Offer, Discover, Ack

d. Discover, Offer, Request, Ack

2
 Chapter 1 : IPv4/IPv6 Addressing and Routing Review

Answer : D

5. Which command is needed on a router interface to forward DHCP Discover

messages to a DHCP server on a different subnet?

a. ip address dhcp

b. ip helper-address

c. ip dhcp-forwarder

d. ip dhcp server

Answer : B

6. Which command enables a router interface to obtain an IP address from a DHCP

server?

a. ip dhcp client

b. ip dhcp server

c. ip address dhcp

d. ip helper-address

Answer : C

7. What protocol is used with IPv6 to determine the MAC address of a device in the
same local area network?

a. Address Resolution Protocol

b. Inverse Address Resolution Protocol

c. Neighbor Discovery Protocol

d. Neighbor Solicitation

Answer : C

8. Which of the following are true when using EUI-64? (Choose two.)

a. The interface MAC address is used unmodified.

b. The interface MAC address is used with FFFE added to the middle.

c. The seventh bit from the left in the MAC address is flipped.

d. The seventh bit from the right in the MAC address is flipped.

3
 Chapter 1 : IPv4/IPv6 Addressing and Routing Review

Answer : B and C

9. What command is used on a Cisco IOS router to enable SLAAC on an interface?

a. ipv6 address autoconfig

b. ipv6 address dhcp

c. ipv6 address prefix eui-64

d. ipv6 nd ra suppress

Answer : A

10. Which of the following are requirements for stateless address autoconfiguration to
function? (Choose three.)

a. The prefix must be /64.

b. The router must be sending and not suppressing RA messages.

c. The router must be enabled for IPv6 unicast routing.

d. The router must be sending RS messages.

Answer : A, B and C

11. Which command is used to enable a router to inform clients that they need to get
additional configuration information from a DHCPv6 server?

a. ipv6 nd ra suppress

b. ipv6 dhcp relay destination

c. ipv6 address autoconfig

d. ipv6 nd other-config-flag

Answer : D

12. What command enables you to configure a router interface as a DHCPv6 relay
agent?

a. ipv6 forwarder

b. ipv6 helper-address

c. ipv6 dhcp relay destination

d. ipv6 dhcp client

4
 Chapter 1 : IPv4/IPv6 Addressing and Routing Review

Answer : C

13. Which two data structures reside at the router’s data plane?

a. IP routing table

b. ARP cache

c. Forwarding Information Base

d. Adjacency table

Answer : C and D

14. Which command enables you to verify routes in the FIB?

a. show ip route

b. show ip arp

c. show ip cef

d. show adjacency detail

Answer : C

15. Which of the following populate a routing protocol’s data structure, such as the
EIGRP topology table? (Choose three.)

a. Updates from a neighbor

b. Redistributed routes

c. Interfaces enabled for the routing process

d. Static routes

Answer : A, B and C

16. Which of the following has the lowest default administrative distance?

a. OSPF

b. EIGRP (internal)

c. RIP

d. Ebgp

Answer : D

5
 Chapter 1 : IPv4/IPv6 Addressing and Routing Review

17. What is the default administrative distance of an OSPF intra-area route?

a. 90

b. 110

c. 115

d. 120

Answer : B

18. How can you create a floating static route?

a. Provide the static route with a metric higher than the preferred source of theroute.

b. Provide the static route with a metric lower than the preferred source of the route.

c. Provide the static route with an AD higher than the preferred source of the route.

d. Provide the static route with an AD lower than the preferred source of the route.

Answer : C

19. What occurs when you create an IPv4 static route with an Ethernet interface
designated instead of a next-hop IP address?

a. The router uses ARP to get the MAC address of the directly connected router’s IP
address.

b. The router forwards the packet with the destination MAC address FFFF:FFFF:FFFF.

c. The router uses ARP to get the MAC address of the IP address in the source of the
packet.

d. The router uses ARP to get the MAC address of the IP address in the destination of
the packet.

Answer : D

6
 Chapter 2 : EIGRP

Chapter 2 : EIGRP

1. EIGRP uses protocol number ____ for inter-router communication.

a. 87
b. 88
c. 89
d. 90

Answer : B

2. How many packet types does EIGRP use for inter-router communication?
a. Three
b. Four
c. Five
d. Six
e. Seven

Answer : C

3. Which of the following is not required to match to form an EIGRP adjacency?

a. Metric K values
b. Primary subnet
c. Hello and hold timers
d. Authentication parameters

Answer : C

4. What is an EIGRP successor?

a. The next-hop router for the path with the lowest path metric for a destination prefix
b. The path with the lowest metric for a destination prefix
c. The router selected to maintain the EIGRP adjacencies for a broadcast network
d. A route that satisfies the feasibility condition where the reported distance is less
than the feasible distance

Answer : A

5. What attributes does the EIGRP topology table contain? (Choose all that apply.)

7
 Chapter 2 : EIGRP

a. Destination network prefix

b. Hop Count
c. Total path delay
d. Maximum path bandwidth
e. List of EIGRP neighbors

Answer : A, B, C and E

6. What destination addresses does EIGRP use when feasible? (Choose two.)
a. IP addre s s 224.0.0.9
b. IP addre s s 224.0.0.10
c. IP addre s s 224.0.0.8
d. MAC address 01:00:5E:00:00:0A
e. MAC address 0C:15:C0:00:00:01

Answer : B and D

7. The EIGRP process is initialized by which of the following technique? (Choose two.)
a. Using the interface command ip eigrp as-number ipv4 unicast
b. Using the global configuration command router eigrp as-number
c. Using the global configuration command router eigrp process-name
d. Using the interface command router eigrp as-number

Answer : B and C

8. True or false: The EIGRP router ID (RID) must be configured for EIGRP to be able to
establish neighborship.
a. True
b. False

Answer : B

9. True or false: When using MD5 authentication between EIGRP routers, the key-
chain sequence number can be different, as long as the password is the same.
a. True
b. False

8
 Chapter 2 : EIGRP

Answer : B

10. Which value can be modified on a router to manipulate the path taken by EIGRP
but does not have impacts on other routing protocols, like OSPF?
a. Interface bandwidth
b. Interface MTU
c. Interface delay
d. Interface priority

Answer : C

9
 Chapter 3 : Advanced EIGRP

Chapter 3 : Advanced EIGRP

1. What is the default EIGRP hello timer for a high-speed interface?
a. 1 second
b. 5 seconds
c. 10 seconds
d. 20 seconds
e. 30 seconds
f. 60 seconds

Answer : B

2. What is the default EIGRP hello timer for a low-speed interface?

a. 1 second
b. 5 seconds
c. 10 seconds
d. 20 seconds
e. 30 seconds
f. 60 seconds

Answer : F

3. When a path is identified using EIGRP and in a stable fashion, the route is
considered_____.
a. passive
b. Dead
c. Active
d. Alive

Answer : A

4. How does an EIGRP router indicate that a path computation is required for a
specific route?
a. EIGRP sends out an EIGRP update packet with the topology change notification
flag set.
b. EIGRP sends out an EIGRP update packet with a metric value of zero.
c. EIGRP sends out an EIGRP query with the delay set to infinity.

10
 Chapter 3 : Advanced EIGRP

d. EIGRP sends a route withdrawal, notifying other neighbors to remove the route
from the topology table.

Answer : C

5. True or false: EIGRP summarization is performed with the command summary-

aggregate network subnet-mask under the EIGRP process for classic mode
configuration.
a. True
b. False

Answer : B

6. True or false: EIGRP automatic summarization is enabled by default and must be

disabled to prevent issues with networks that cross classful network boundaries.
a. True
b. False

Answer : B

7. True or false: EIGRP stub site functions can be deployed at all branch sites,
regardless of whether downstream EIGRP routers are present.
a. True
b. False

Answer : A

8. How do EIGRP offset lists manipulate a route?

a. Completely removing a set of specific routes
b. Reducing the total path metric to a more preferred value
c. Adding the total path metric to a specific set of routes
d. Adding delay to the path metric for a specific set of routes

Answer : D

11
 Chapter 4 : Troubleshooting EIGRP for IPv4

Chapter 4 : Troubleshooting EIGRP for IPv4

1. Which command enables you to verify the routers that have formed EIGRP
adjacencies with the local router, how long they have been neighbors, and the
current sequence numbers of EIGRP packets?
a. show ip eigrp interfaces
b. show ip eigrp neighbors
c. show ip route eigrp
d. show ip protocols

Answer : B

2. Which of the following are reasons EIGRP neighbor relationships might not
form?(Choose three.)
a. Different autonomous system numbers
b. Different K values
c. Different timers
d. Different authentication parameters

Answer : A, B and D

3. Which command enables you to verify the configured EIGRP K values?

a. show ip protocols
b. show ip eigrp interfaces
c. show ip eigrp neighbor
d. show ip eigrp topology

Answer : A

4. Which command enables you to verify EIGRP authentication, split horizon, and
configured EIGRP timers?
a. show ip interfaces
b. show ip protocols
c. show ip eigrp interfaces detail
d. show ip eigrp neighbor

12
 Chapter 4 : Troubleshooting EIGRP for IPv4

Answer : C

5. Besides a neighbor relationship not being formed, which three of the following are
reasons routes might be missing in an EIGRP autonomous system? (Choose three.)
a. Interface not participating in the EIGRP process
b. Filters
c. Incorrect stub configuration
d. Passive interface feature

Answer : A, B and C

6. Which command enables you to verify whether any route filters have been
applied to an EIGRP-enabled interface?
a. show ip interface brief
b. show ip interface
c. show ip protocols
d. show ip eigrp interface

Answer : C

7. Which command enables you to verify the maximum paths configured for load
balancing and whether unequal-path load balancing has been enabled?
a. show ip protocols
b. show ip eigrp interfaces
c. show ip eigrp neighbors
d. show ip interfaces

Answer : A

8. You have a DMVPN network that has a hub and three spokes. The spokes are not
learning the routes of the other spokes. Of the following options, which is most likely
the reason for this?
a. Split horizon is enabled on the GRE interfaces of the spokes
b. Split horizon is enabled on the hub’s mGRE interface
c. Split horizon is disabled on the hub’s mGRE interface
d. Split horizon is disabled on the GRE interfaces of the spokes

13
 Chapter 4 : Troubleshooting EIGRP for IPv4

Answer : B

9. An EIGRP summary route is not showing up on the expected routes in the AS. Which
of the following questions should you answer while troubleshooting? (Choose three.)
a. Did you enable route summarization on the correct interface?
b. Did you associate the summary route with the correct EIGRP autonomous system?
c. Did you create the appropriate summary route?
d. Did you create a route to NULL0?

Answer : A, B and C

10. The IP addressing scheme for your routing domain is discontiguous. What
command should you use in EIGRP configuration mode to make sure that you do not
have any routing issues in your EIGRP autonomous system?
a. no auto-summary
b. auto-summary
c. passive-interface
d. network ip_address wildcard_mask

Answer : A

14
 Chapter 5 : EIGRPv6

Chapter 5 : EIGRPv6

1. What address does the EIGRPv6 hello packet use for the destination address?
a. MAC address 00:C1:00:5C:00:FF
b. MAC address E0:00:00:06:00:AA
c. IP address 224.0.0.8
d. IP address 224.0.0.10
e. IPv6 address FF02::A
f. IPv6 address FF02::8

Answer : E

2. Enabling EIGRPv6 on an interface with EIGRPv6 classic configuration requires _____.

a. the command network prefix/prefix-length under the EIGRP process
b. the command network interface-id under the EIGRP process
c. the command ipv6 eigrp as-number under the interface
d. nothing; EIGRPv6 is enabled on all IPv6 interfaces upon initialization of the EIGRP
process

Answer : C

3. Enabling EIGRPv6 on an interface with EIGRPv6 named mode configuration

requires _____.
a. the command network prefix/prefix-length under the EIGRP process
b. the command network interface-id under the EIGRP process
c. the command ipv6 eigrp as-number under the interface
d. nothing; EIGRPv6 is enabled on all IPv6 interfaces upon initialization of the EIGRP
process

Answer : D

4. Which EIGRPv6 command is used to verify whether any interfaces have been
configured as passive interfaces?
a. show ipv6 protocols
b. show ipv6 eigrp interfaces detail
c. show ipv6 eigrp neighbors detail

15
 Chapter 5 : EIGRPv6

d. show ipv6 eigrp topology

Answer : A

5. Which EIGRPv6 command enables you to verify whether the local router is a stub
router?
a. show ipv6 protocols
b. show ipv6 eigrp interfaces detail
c. show ipv6 eigrp neighbors detail
d. show ipv6 eigrp topology

Answer : A

6. Which EIGRPv6 command enables you to verify whether a neighboring router is a

stub router?
a. show ipv6 protocols
b. show ipv6 eigrp interfaces detail
c. show ipv6 eigrp neighbors detail
d. show ipv6 eigrp topology

Answer : C

7. Which of these commands can you use to verify which interfaces are participating
int he named EIGRP IPv4 address family? (Choose two.)
a. show ip eigrp interfaces
b. show eigrp address-family ipv4 interfaces
c. show ipv6 eigrp interfaces
d. show eigrp address-family ipv6 interfaces

Answer : A and B

8. Which of the following must match to form an EIGRPv6 neighborship? (Choose

two.)
a. The subnet the interfaces belong to
b. The autonomous system number
c. The passive interfaces
d. The K values

16
 Chapter 5 : EIGRPv6

Answer : B and D

9. What must be permitted within an IPv6 ACL for an EIGRPv6 neighbor adjacency to
be formed?
a. FF02::A
b. FF02::10
c. The link-local address of the neighboring device
d. The global address of the neighboring device

Answer : A and C

17
 Chapter 6 : OSPF

Chapter 6 : OSPF

1. What protocol number does OSPF use for inter-router communication?

a. 87
b. 88
c. 89
d. 90

Answer : C

2. How many packet types does OSPF use for inter-router communication?
a. Three
b. Four
c. Five
d. Six
e. Seven

Answer : C

3. What destination addresses does OSPF use, when feasible? (Choose two.)
a. IP address 224.0.0.5
b. IP address 224.0.0.10
c. IP address 224.0.0.8
d. MAC address 01:00:5E:00:00:05
e. MAC address 01:00:5E:00:00:0A

Answer : A and D

4. True or false: A router with an interface associated to Area 1 and Area 2 can inject
routes learned from one area into another area.
a. True
b. False

18
 Chapter 6 : OSPF

Answer : B

5. True or false: A member router contains a complete copy of the LSDBs for every
area in the routing domain.
a. True
b. False

Answer : B

6. How many states does OSPF maintain when dealing with a neighbor adjacency?
a. Three
b. Four
c. Five
d. Eight

Answer : D

7. True or false: The OSPF process ID must match for routers to establish a neighbor
adjacency.
a. True
b. False

Answer : B

8. True or false: OSPF is only enabled on a router interface by using the command
network ip-address wildcard-mask area area-id under the OSPF router process.
a. True
b. False

Answer : B

9. True or false: An advertised default route into OSPF always appears as an OSPF

19
 Chapter 6 : OSPF

inter-area route.
a. True
b. False

Answer : B

10. True or false: The router with the highest IP address is the designated router when
using a serial point-to-point link.
a. True
b. False

Answer : B

11. What command is configured to prevent a router from becoming the designated
router for a network segment?
a. The interface command ip ospf priority 0
b. The interface command ip ospf priority 255
c. The command dr-disable interface-id under the OSPF process
d. The command passive interface interface-id under the OSPF process
e. The command dr-priority interface-id 255 under the OSPF process

Answer : A

12. What is the advertised network for the loopback interface with IP address
10.123.4.1/30?
a. 10.123.4.1/24
b. 10.123.4.0/30
c. 10.123.4.1/32
d. 10.123.4.0/24

Answer : C

20
 Chapter 6 : OSPF

13. The OSPF dead interval defaults to how many times the hello interval?
a. Two
b. Three
c. Four
d. Five

Answer : C

14. True or false: Enabling OSPF authentication for an area consists of setting the OSFP
authentication type under the OSPF process and placing the password on all area
interfaces.
a. True
b. False

Answer : A

21
 Chapter 7 : Advanced OSPF

Chapter 7 : Advanced OSPF

1. How many OSPF link-state advertisements (LSAs) are used for routing traditional
IPv4 packets?
a. Two
b. Three
c. Five
d. Six
e. Seven

Answer : D

2. What is the LSA Age field in the LSDB used for?

a. Version control, to ensure that the most recent LSA is present
b. To age out old LSAs by removing an LSA when its age reaches zero
c. For troubleshooting, to identify exactly when the LSA was advertised
d. To age out old LSAs by removing an LSA when it reaches 3600 seconds

Answer : D

3. Which LSA type exists in all OSPF areas?

a. Network
b. Summary
c. Router
d. AS external

Answer : C

4. True or false: When an ABR receives a network LSA, the ABR forwards the network
LSA to the other connected areas.
a. True
b. False

22
 Chapter 7 : Advanced OSPF

Answer : B

5. An OSPF stub area blocks which types of LSAs from being injected into the area by
the ABR? (Choose two.)
a. Type 1 LSA
b. Type 3 LSA
c. Type 4 LSA
d. Type 5 LSA

Answer : C and D

6. True or false: An OSPF not-so-stubby area (NSSA) automatically creates a default

route when a Type 5 LSA is blocked on the ABR from being injected into the NSSA.
a. True
b. False

Answer : B

7. OSPF automatically assigns a link cost to an interface based on what reference

bandwidth?
a. 100 Mbps
b. 1 Gbps
c. 10 Gbps
d. 40 Gbps

Answer : A

8. True or false: If two different routers are redistributing the same network (such as
10.1.1.0/24) as an OSPF external Type 2 route, and they have the same metric, both
paths are installed on a downstream router.
a. True
b. False

23
 Chapter 7 : Advanced OSPF

Answer : B

9. True or false: Breaking a large OSPF topology into smaller OSPF areas can be
considered a form of summarization.
a. True
b. False

Answer : A

10. Summarizing external OSPF routes on is accomplished by using the _____.

a. interface configuration command summary-address network prefix-length
b. OSPF process configuration command summary-address network
subnet-mask
c. OSPF process configuration command area area-id range network
subnet-mask
d. interface configuration command area area-id summary-address network
subnet-mask

Answer : B

11. When a Type 3 LSA is received on a nonbackbone area, what does the ABR do?
a. Discards the Type 3 LSA and does not process it
b. Installs the Type 3 LSA for only the area for which it was received
c. Advertises the Type 3 LSA to the backbone area and displays an error
d. Advertises the Type 3 LSA to the backbone area

Answer : B

12. True or false: Virtual link is another term for an OSPF-enabled GRE tunnel.
a. True
b. False

24
 Chapter 7 : Advanced OSPF

Answer : B

25
 Chapter 8 : Troubleshooting OSPFv2

Chapter 8 : Troubleshooting OSPFv2

1. Which of the following prevent OSPF neighbor relationships from forming? (Choose
three.)
a. Mismatched timers
b. Mismatched area numbers
c. Duplicate router IDs
d. Wrong designated router elected

Answer : A, B and C

2. In which OSPF states are you likely to find routers that have an MTU mismatch?
(Choose two.)
a. Init
b. 2-Way
c. ExStart
d. Exchange

Answer : C and D

3. Which OSPFv2 command enables you to verify the hello interval and the dead
interval?
a. show ip protocols
b. show ip ospf interface
c. show ip ospf neighbor
d. show ip ospf database

Answer : B

4. Which OSPFv2 debug command enables you to verify whether area numbers are
mismatched?

26
 Chapter 8 : Troubleshooting OSPFv2

a. debug ip ospf hello

b. debug ip ospf adj
c. debug ip ospf packet
d. debug ip ospf events

Answer : B

5. Which OSPF network type is the default on LAN interfaces?

a. Broadcast
b. NBMA
c. Point-to-point
d. Point-to-multipoint

Answer : A

6. Which LSA type describes routes outside the area but still within the OSPF routing
domain (interarea routes)?
a. 1
b. 2
c. 3
d. 5

Answer : C

7. Which of the following can prevent an OSPF neighborship from being formed?
a. A distribute list applied inbound
b. A distribute list applied outbound
c. An ACL applied inbound
d. An ACL applied outbound

Answer : C

27
 Chapter 8 : Troubleshooting OSPFv2

8. OSPF neighborships have been successfully formed throughout the entire routing
domain. Which of the following are reasons any router may be missing routes in the
local LSDB or the local routing table? (Choose two.)
a. The missing route’s network interface has been configured as passive.
b. There are duplicate router IDs in the routing domain.
c. There is an outbound distribute list configured.
d. The spoke is the DR in a hub and spoke topology.

Answer : B and D

9. Which command is used to redistribute a static default route into OSPF?

a. redistribute static
b. redistribute ospf 1 subnets
c. default-information originate
d. ip route 0.0.0.0 0.0.0.0 110

Answer : C

10. Which of the following are reasons a virtual link might not be forming? (Choose
two.)
a. The router’s interface IP address is being used in the virtual-link command.
b. The local area ID is being used in the virtual-link command.
c. The router ID is being used in the virtual-link command.
d. The transit area ID is being used in the virtual-link command.

Answer : A and B

28
 Chapter 9 : OSPFv3

Chapter 9 : OSPFv3

1. What protocol number does OSPFv3 use for its inter-router communication?
a. 87
b. 88
c. 89
d. 90

Answer : C

2. How many packet types does OSPFv3 use for inter-router communication?
a. Three
b. Four
c. Five
d. Six
e. Seven

Answer : C

3. What do you need to do to enable OSPFv3 on an interface?

a. Place the command network prefix/prefix-length under the OSPF process.
b. Place the command network interface-id under the OSPF process.
c. Place the command ospfv3 process-id ipv6 area area-id under the interface.
d. Nothing. OSPFv3 is enabled on all IPv6 interfaces upon initialization of the OSPF
process.

Answer : C

4. True or false: On a brand-new router installation, OSPFv3 requires only an IPv6 link-
local address to be configured and OSPFv3 to be enabled on that interface to form
an OSPFv3 neighborship with another router.

29
 Chapter 9 : OSPFv3

a. True
b. False

Answer : B

5. True or false: OSPFv3 support for IPv4 networks only requires that an IPv4 address
be assigned to the interface and that the OSPFv3 process be initialized for IPv4.
a. True
b. False

Answer : B

6. Which OSPFv3 flooding scope correlates to the links between two routers?
a. The link-local scope
b. The neighbor scope
c. The process scope
d. The autonomous system scope

Answer : A

30
 Chapter 10 : Troubleshooting OSPFv3

Chapter 10 : Troubleshooting OSPFv3

1. What can be verified with the output of show ipv6 protocols? (Choose two.)
a. The router ID
b. Which areas are normal, stub, and not-so-stubby
c. The interfaces participating in the routing process
d. The ID of the designated router

Answer : A and C

2. Which of the following are true about the output of show ipv6 ospf interface brief?
(Choose two.)
a. The cost of the interface is listed.
b. The DR/BDR state of the neighbor is listed.
c. The area an interface is participating in is listed.
d. The network type of the interface is listed.

Answer : A and C

3. Which IPv6 OSPFv3 command enables you to verify the configured hello interval
and the dead interval?
a. show ip protocols
b. show ip ospf interface
c. show ip ospf neighbor
d. show ip ospf database

Answer : B

4. Which multicast addresses are used for OSPFv3? (Choose two.)

a. FF02::A
b. FF02::9
c. FF02::5
d. FF02::6

31
 Chapter 10 : Troubleshooting OSPFv3

Answer : C and D

5. Which IPv6 OSPFv3 LSA is used to describe prefixes outside an area but that are still
within the OSPF routing domain?
a. Router link states
b. Net link states
c. Inter-area prefix link states
d. Type 5 AS external link states

Answer : C

6. Which LSA type is only flooded on the local link and is not reflooded by other OSPF
routers?
a. 1
b. 8
c. 3
d. 9

Answer : B

7. Which IPv6 OSPFv3 command enables you to verify whether an area is a stub area,
totally stubby area, NSSA, or totally NSSA?
a. show ipv6 protocols
b. show ipv6 ospf
c. show ipv6 ospf interface
d. show ipv6 ospf neighbor

Answer : B

8. Which IPv6 OSPFv3 command enables you to verify which routers the local router
has formed neighbor adjacencies with?
a. show ipv6 protocols

32
 Chapter 10 : Troubleshooting OSPFv3

b. show ipv6 ospf

c. show ipv6 ospf interface
d. show ipv6 ospf neighbor

Answer : D

9. Which OSPFv3 address family commands are used to verify which OSPFv3 address
family an interface is participating in? (Choose two.)
a. show ospfv3
b. show ospfv3 interface brief
c. show ospfv3 neighbor
d. show ospfv3 database

Answer : B and C

10. Which OSPFv3 address family debug command identifies whether there is a
mismatched stub area configuration?
a. debug ospfv3 hello
b. debug ospfv3 packet
c. debug ospfv3 adj
d. debug ospfv3 events

Answer : A

33
 Chapter 11 : BGP

Chapter 11 : BGP
1. Which of the following autonomous system(s) are private? (Choose two.)
a. 64,512 through 65,535
b. 65,000 through 65,535
c. 4,200,000,000 through 4,294,967,294
d. 4,265,000 through 4,265,535,016

Answer : A and C

2. Which BGP attribute must be recognized by all BGP implementations and

advertised to other autonomous systems?
a. Well-known mandatory
b. Well-known discretionary
c. Optional transitive
d. Optional non-transitive

Answer : A

3. True or false: BGP supports dynamic neighbor discovery by both routers.

a. True
b. False

Answer : B

4. True or false: BGP sessions are always one hop away from a neighbor.
a. True
b. False

Answer : B

5. True or false: The IPv4 address family must be initialized to establish a BGP session
with a peer using IPv4 addressing.
a. True
b. False

34
 Chapter 11 : BGP

Answer : B

6. Which command is used to view the BGP neighbors and their hello interval?
a. show bgp neighbors
b. show bgp afi safi neighbors
c. show bgp afi safi summary
d. show afi bgp interface brief

Answer : B

7. How many tables does BGP use for storing prefixes?

a. One
b. Two
c. Three
d. Four

Answer : C

8. True or false: A route learned from an eBGP peer is advertised to an iBGP neighbor.
a. True
b. False

Answer : A

9. True or false: A route learned from an iBGP peer is advertised to an iBGP neighbor.
a. True
b. False

Answer : A

10. Which of the following are considering iBGP scalability enhancements? (Choose
two.)
a. Route reflectors
b. BGP route aggregation
c. BGP confederations
d. BGP alliances

35
 Chapter 11 : BGP

Answer : A and C

11. True or false: The IPv6 address family must be initialized to establish a BGP session
with a peer using IPv6 addressing.
a. True
b. False

Answer : A

12. True or false: IPv6 prefixes can be advertised only across a BGP session
established with IPv6 addresses.
a. True
b. False

Answer : B

36
 Chapter 12 : Advanced BGP

Chapter 12 : Advanced BGP

1. Which BGP command advertises a summary route to prevent link-flap processing
by downstream BGP routers?
a. aggregate-address network subnet-mask as-set
b. aggregate-address network subnet-mask summary-only
c. summary-address network subnet-mask
d. summary-address network mask subnet-mask

Answer : B

2. What is the BGP atomic aggregate?

a. A BGP path attribute used to indicate that a prefix should not be advertised to a
peer
b. A BGP path attribute that indicates a loss of path attributes
c. The amount of time that a peer’s routes should not be installed due to a flapping
link
d. The BGP routes that are suppressed during summarization

Answer : B

3. Which extended ACL entry allows any network in the 172.16.x.x network with a /24
to /32 prefix length?
a. permit ip 172.16.0.0 0.0.255.255 255.255.255.0 0.0.0.255
b. permit ip 172.16.0.0 255.255.0.0 0.0.255.255 0.0.0.0
c. permit ip 172.16.0.0 255.255.0.0 255.255.255.0 0.0.0.255
d. permit ip 172.16.0.0 0.0.255.255 0.0.255.255 0.0.0.0

Answer : A

4. Which command displays only the network prefixes that originate from AS 40 or AS
45?
a. show bgp ipv4 unicast regexp _40|45$
b. show bgp ipv4 unicast regexp ^40|45
c. show bgp ipv4 unicast regexp _4(0|5)$
d. show bgp ipv4 unicast regexp _[40,45]$

37
 Chapter 12 : Advanced BGP

Answer : C

5. True or false: A BGP AS_Path ACL and a prefix list can be applied to a neighbor at
the same time.
a. True
b. False

Answer : A

6. Which of the following is not a well-known BGP community?

a. No_Advertise
b. Internet
c. No_Export
d. Private_Route

Answer : D

7. A router has been configured with the command neighbor 10.12.1.2 maximum-
prefix 100. What happens when the BGP peer advertises 101 prefixes to it?
a. The 101st prefix overwrites the 1st prefix in the Loc-RIB table.
b. The 101st prefix is discarded.
c. The BGP session is shut down.
d. The 101st prefix is received and installed in the Loc-RIB table, and a warning
message is generated.

Answer : C

8. What is the primary difference between a BGP peer group and a peer template?
a. They can have different inbound routing policies.
b. They can have different outbound routing policies.
c. They can have different BGP authentication settings.
d. They can have different BGP timers.

Answer : A

38
 Chapter 13 : BGP Path Selection

Chapter 13 : BGP Path Selection

1. True or false: BGP summarization provides a mechanism for load balancing traffic
between service providers.
a. True
b. False

Answer : A

2. True or false: A BGP router advertises every path for a prefix so that every neighbor
can build its own topology table.
a. True
b. False

Answer : B

3. Which of the following techniques is the second selection criterion for the BGP best
path?
a. Weight
b. Local preference
c. Origind. MED

Answer : B

4. True or false: A router deletes a path from the Loc-RIB table after detecting that the
current best path is inferior to a new superior path for a network prefix.
a. True
b. False

Answer : B

5. In the BGP best-path algorithm, what attribute does BGP use after network
origination (local, aggregation, received by peer) to select the best path?
a. Local preference
b. AS_Path

39
 Chapter 13 : BGP Path Selection

c. Accumulated Interior Gateway Protocol (AIGP)

d. MED

Answer : C

6. Which of the following attributes is locally significant to the BGP best-path

algorithm?
a. Weight
b. Local preference
c. AS_Path
d. MED

Answer : A

7. True or false: MED can only be compared between three or more different Ass.
a. True
b. False

Answer : B

8. True or false: When BGP multipathing is enabled, a router can select multiple paths
as the best path so that they can all be installed into the RIB.
a. True
b. False

Answer : B

40
 Chapter 14 : Troubleshooting BGP

Chapter 14 : Troubleshooting BGP

1. Which commands enable you to identify the IPv4 unicast BGP neighbor
adjacencies that have been formed? (Choose two.)
a. show ip route bgp
b. show bgp ipv4 unicast
c. show bgp ipv4 unicast summary
d. show bgp ipv4 unicast neighbors

Answer : C and D

2. In the output of show bgp ipv4 unicast summary, how can you determine whether
a neighbor relationship is successfully established?
a. The neighbor is listed in the output.
b. The Version column has a 4 in it.
c. The State/PfxRcd column has a number in it.
d. The State/PfxRcd column has the word Active in it.

Answer : C

3. Which of the following are reasons a BGP neighbor relationship might not
form?(Choose two.)
a. The BGP timers are mismatched.
b. The BGP packets are sourced from the wrong IP address.
c. The neighbor is reachable using a default route.
d. The network command is misconfigured.

Answer : B and C

4. Which TCP port number is used to form BGP sessions?

a. 110
b. 123
c. 179
d. 443

Answer : C

41
 Chapter 14 : Troubleshooting BGP

5. What is the BGP state of a neighbor if a TCP session cannot be formed?

a. Open
b. Idle
c. Active
d. Established

Answer : B

6. What could prevent a route from being advertised to another BGP router? (Choose
three.)
a. Mismatched timers
b. Split-horizon rule
c. Missing network mask command
d. Route filtering

Answer : B, C and D

7. Which command enables you to verify the IPv4 BGP routes that have been learned
from all BGP neighbors?
a. show ip route bgp
b. show bgp ipv4 unicast
c. show bgp ipv4 unicast summary
d. show bgp ipv4 unicast neighbors

Answer : A

8. What occurs when the next hop of a BGP-learned route is not reachable?
a. The route is discarded.
b. The route is placed in the BGP table and advertised to other neighbors.
c. The route is placed in the BGP table and not marked as valid.
d. The route is placed in the BGP table and in the routing table.

Answer : C

9. Which of the following describes the BGP split-horizon rule?

42
 Chapter 14 : Troubleshooting BGP

a. A BGP router that receives a BGP route from an iBGP peering shall not advertise
that route to another router that is an iBGP peer.
b. A BGP router that receives a BGP route from an eBGP peering shall not advertise
that route to another router that is an iBGP peer.
c. A BGP router that receives a BGP route from an eBGP peering shall not advertise
that route to another router that is an eBGP peer.
d. A BGP router that receives a BGP route from an iBGP peering shall discard the
route.

Answer : A

10. Which of the following administrative distances are correct? (Choose two.)
a. 20 for eBGP
b. 20 for iBGP
c. 200 for eBGP
d. 200 for iBGP

Answer : A and D

11. Which of the following correctly identifies the order of BGP attributes for the best-
path decision process?
a. Weight, local preference, route origin, AS_Path, origin code, MED
b. AS_Path, origin code, MED, weight, local preference, route origin
c. Local preference, weight, route origin, AS_Path, origin code, MED
d. Weight, local preference, route origin, AS_Path, MED, origin code

Answer : A

12. What do you need to do when using MP-BGP? (Choose two.)

a. Activate the IPv6 neighbors in address family configuration mode.
b. Activate the IPv6 neighbors in router configuration mode.
c. Define the IPv6 neighbors in router configuration mode.
d. Define the IPv6 neighbors in address family configuration mode.

Answer : A and C

43
 Chapter 14 : Troubleshooting BGP

13. Which command enables you to verify the IPv6 unicast BGP routes that have
been learned?
a. show bgp ipv6 unicast
b. show bgp ipv6 unicast summary
c. show bgp ipv6 unicast neighbor
d. show ipv6 route bgp

Answer : A

44
 Chapter 15 : Route Maps and Conditional Forwarding

Chapter 15 : Route Maps and Conditional Forwarding

1. True or false: An extended ACL that is used to match routes changes behavior if
the routing protocol is an IGP rather than BGP.

a. True

b. False

Answer : A

2. Which network prefixes match the prefix match pattern 10.168.0.0/13 ge 24?
(Choose two.)

a. 10.168.0.0/13

b. 10.168.0.0/24

c. 10.173.1.0/28

d. 10.104.0.0/24

Answer : B and C

3. What happens when the route map route-map QUESTION deny 30 does not
contain a conditional match statement?

a. Any remaining routes are discarded.

b. Any remaining routes are accepted.

c. All routes are discarded.

d. All routes are accepted.

Answer : A

45
 Chapter 15 : Route Maps and Conditional Forwarding

4. What happens to a route that does not match the PrefixRFC1918 prefix list when
using the following route map?

route-map QUESTION deny 10

match ip address prefix-list PrefixRFC1918

route-map QUESTION permit 20

set metric 200

a. The route is allowed, and the metric is set to 200.

b. The route is denied.

c. The route is allowed.

d. The route is allowed, and the default metric is set to 100.

Answer : A

5. True or false: When there are multiple conditional matches of the same type, only
one must be met for the prefix to match.

a. True

b. False

Answer : A

6. True or false: Policy-based routing will modify a router’s routing table.

a. True

b. False

Answer : B

46
 Chapter 16 : Route Redistribution

Chapter 16 : Route Redistribution

1. R1 learns the 10.11.11.0/24 prefix from EIGRP. EIGRP is redistributed into OSPF on R1,
and OSPF is redistributed into BGP on R1. R1 advertises all the BGP network prefixes to
R3. Does R3 receive the 10.11.11.0/24 prefix?

a. Yes

b. No

Answer : B

2. What is the administrative distance for external EIGRP routes?

a. 90

b. 110

c. 170

d. 200

Answer : C

3. What is the default seed metric for OSPF?

a. 20

b. 100

c. 32,768

d. infinity

Answer : A

47
 Chapter 16 : Route Redistribution

4. R1 learns the 10.11.11.0/24 prefix from EIGRP. EIGRP is redistributed into OSPF on R1.
R1 has an OSPF adjacency with R2. R2 redistributes OSPF into BGP. R2 advertises all
BGP network prefixes to R3. Does R3 receive the 10.11.11.0/24 prefix?

a. Yes

b. No

Answer : A

5. What is the administrative distance for external OSPF routes?

a. 150

b. 110

c. 180

d. 200

Answer : B

6. What is the default seed metric for EIGRP?

a. 20

b. 100

c. 32,768

d. infinity

Answer : D

7. Which additional command is needed to redistribute external OSPF routes into

EIGRP?

a. ospf-external-prefixes redistributable

48
 Chapter 16 : Route Redistribution

b. eigrp receive external source networks

c. ospf redistribute-internal

d. None

Answer : D

8. Which additional command is needed to redistribute external OSPF routes in to

BGP?

a. ospf-external-prefixes redistributable

b. match external

c. bgp redistribute-internal

d. none

Answer : C

49
 Chapter 17 : Troubleshooting Redistribution

Chapter 17 : Troubleshooting Redistribution

1. Which of the following are methods that can be used to solve routing issues
caused by multipoint redistribution? (Choose all that apply.)
a. Modify the seed metrics of the redistributed routes.
b. Modify the administrative distances of redistributed routes.
c. Tag routes as they are redistributed and then deny them from being redistributed
back into the originating routing source.
d. Modify the metric used to reach the boundary routers.

Answer : A, B and C

2. Which of the following methods can be used to solve suboptimal routing issues
caused by redistribution?
a. Modify the seed metrics of the redistributed routes.
b. Modify the administrative distances of redistributed routes.
c. Redistribute only classless networks.
d. Modify the metrics of the routes before redistribution.

Answer : A

3. Which of the following is true?

a. The EIGRP command distance 165 10.1.1.1 0.0.0.0 changes the AD to 165 for all
EIGRP routes learned from neighbor 10.1.1.1.
b. The EIGRP command distance 165 10.1.1.1 0.0.0.0 changes the AD to 165 for the
EIGRP learned route 10.1.1.0/24.
c. The EIGRP command distance 165 10.1.1.1 0.0.0.0 changes the AD to 165 for
internal EIGRP routes learned from neighbor 10.1.1.1.
d. The EIGRP command distance 165 10.1.1.1 0.0.0.0 changes the AD to 165 for
external EIGRP routes learned from neighbor 10.1.1.1.

Answer : C

50
 Chapter 17 : Troubleshooting Redistribution

4. What must be true for a route from one routing source to be redistributed into
a different routing source?
a. The routing sources must have similar metrics.
b. The routing sources must have similar administrative distances.
c. The route must be in the routing table on the router performing redistribution.
d. The route must be a directly connected route on the router performing
redistribution.

Answer : C

5. Which of the following routing protocols have a default seed metric of

unreachable? (Choose two.)
a. RIP
b. EIGRP
c. OSPF
d. BGP

Answer : A and B

6. Which of the following routing protocols has a default seed metric of 20?
a. RIPng
b. EIGRP for IPv6
c. OSPFv3
d. BGP

Answer : C

7. When redistributing, you have four options for the seed metric: accepting the
default value, specifying it with the default-metric command, using the metric option
with the redistribute command, and using a route map. If all four of these are
configured with different values, which will be preferred?
a. Default values
b. default-metric command

51
 Chapter 17 : Troubleshooting Redistribution

c. Metric option with the redistribute command

d. Route map attached to the redistribute command

Answer : D

9. Which option is mandatory when redistributing OSPF routes into EIGRP?

a. metric
b. metric type
c. subnets
d. match

Answer : A

10. Which option is mandatory when redistributing classless networks into OSPF?
a. metric
b. metric type
c. subnets
d. match

Answer : C

11. Which of the following is not included when redistributing from one IPv6 routing
protocol into another IPv6 routing protocol?
a. A prefix
b. A seed metric

c. A directly connected route participating in the routing process

d. An administrative distance

Answer : C

12. During redistribution that uses route maps, what occurs to a route that matches a
deny entry in the route map?

52
 Chapter 17 : Troubleshooting Redistribution

a. It is redistributed with default values.

b. It is redistributed with the values in the set clause.
c. It is redistributed only if there is a routing table entry for it.
d. It is not redistributed.

Answer : D

53
 Chapter 18 : VRF, MPLS, and MPLS Layer 3 VPNs

Chapter 18 : VRF, MPLS, and MPLS Layer 3 VPNs

1. What does VRF allow you to do?

a. Divide a single physical router into multiple virtual routers.
b. Run Spanning Tree Protocol on a router.
c. Use BGP on a router that does not support BGP.
d. Use a server as a virtual router.

Answer : A

2. Which command is used to associate an interface with VRF?

a. ip vrf vrf-name
b. vrf vrf-name
c. ip vrf forwarding vrf-name
d. vrf forwarding vrf-name

Answer : C

3. You have created a VRF instance called RED and associated the required
interfaces with it. Which command is used to verify the contents of the VRF routing
table?
a. show ip cef
b. show ip vrf
c. show ip route vrf
d. show ip route vrf RED

Answer : D

4. How are packets forwarded in an MPLS domain?

a. Using the destination IP address of the packet
b. Using the source IP address of the packet
c. Using a number that has been specifi ed in a label
d. Using the MAC address of the frame

54
 Chapter 18 : VRF, MPLS, and MPLS Layer 3 VPNs

Answer : C

5. What type of router is responsible for adding MPLS labels to a packet?

a. Ingress edge LSR
b. Egress edge LSR
c. Intermediate LSR
d. P router

Answer : A

6. Which protocol do routers use to exchange labels?

a. LLDP
b. STP
c. LDP
d. CDP

Answer : C

7. To improve MPLS performance, how can labels be removed on the second-to-last

LSR in the LSP instead of waiting until the last LSR to remove the label?
a. Use LLDP.
b. Use LDP.
c. Use PHP.
d. Use HTTP.

Answer : C

8. What types of labels are used for MPLS Layer 3 VPNs? (Choose two.)
a. LDP label
b. VPN label
c. 802.1q label
d. MPLS label

55
 Chapter 18 : VRF, MPLS, and MPLS Layer 3 VPNs

Answer : A and B

9. Which dynamic routing protocol is used to form peerings between PE routers in

MPLS Layer 3 VPNs?
a. OSPF
b. EIGRP
c. IS-IS
d. MP-BGP

Answer : D

10. How are customer routes isolated on PE routers in an MPLS Layer 3 VPN?
a. By using VRF
b. By using VDCs
c. By using MP-BGP
d. By using LDP

Answer : A

56
 Chapter 19 : DMVPN Tunnels

Chapter 19 : DMVPN Tunnels

1. Which of the following protocols do Generic Routing Encapsulation (GRE) tunnels

support? (Choose all that apply.)
a. DECnet
b. Systems Network Architecture (SNA)
c. IPv4
d. IPv6
e. MPLS

Answer : A, B, C, D and E

2. True or false: NHRP is a Cisco-proprietary protocol developed for DMVPN.

a. True
b. False

Answer : B

3. Which DMVPN phase does not work well with route summarization of spoke
prefixes?
a. DMVPN Phase 1
b. DMVPN Phase 2
c. DMVPN Phase 3
d. DMVPN Phase 4

Answer : B

4. Which DMVPN phase introduced hierarchical tunnel structures?

a. DMVPN Phase 1
b. DMVPN Phase 2
c. DMVPN Phase 3
d. DMVPN Phase 4

57
 Chapter 19 : DMVPN Tunnels

Answer : C

5. True or false: DMVPN supports multicast.

a. True
b. False

Answer : A

6. What is the configuration difference between DMVPN Phase 1 and DMVPN Phase 2
on the hub router?
a. The use of the command ip nhrp shortcut
b. The use of the command ip nhrp redirect
c. The use of the command ip nhrp version 2
d. There is no difference in configuration.

Answer : D

7. What is the configuration difference between DMVPN Phase 2 and DMVPN Phase 3
on the spoke router?
a. The use of the command ip nhrp shortcut
b. The use of the command ip nhrp redirect
c. The use of the command ip nhrp version 3
d. There is no difference in configuration.

Answer : A

8. True or false: After a spoke router registers with the hub router, the hub router sends
communication to the spoke router to establish a full mesh of tunnels with other
spoke routers.
a. True
b. False

58
 Chapter 19 : DMVPN Tunnels

Answer : B

9. What does the syslog message “Midchain parent maintenance for IP midchain
out” indicate?
a. There is a problem with the PKI certifi cate infrastructure.
b. There is a recursive routing loop on the tunnel.
c. The remote peer has placed its tunnel in maintenance mode.
d. The encapsulating interface has been shut down.

Answer : B

10. How long is the default NHRP cache timer?

a. 2 hours
b. 1 hour
c. 30 minutes
d. 15 minutes

Answer : A

11. Which of the following issues do network engineers commonly overlook when
using IPv6 DMVPN tunnels?
a. Changing the MTU on the tunnel interface to accommodate the larger packet
header
b. Confi guring a link-local IP address on the tunnel interface
c. Placing the tunnel into IPv6 GRE multipoint mode
d. Confi guring the NBMA address in CIDR notation (for example, 2001:12:14::1/64)

Answer : B

59
 Chapter 20 : Securing DMVPN Tunnels

Chapter 20 : Securing DMVPN Tunnels

1. In an MPLS Layer 3 VPN WAN model, data is protected on the SP network because
of which mechanism?
a. Data confi dentiality is protected because MPLS Layer 3 VPNs include encryption
on the SP network.
b. Data integrity is maintained because MPLS Layer 3 VPNs include checksums on
the SP network.
c. Data integrity is not protected on the SP network.
d. Data confi dentiality is dependent on the SP’s processes.

Answer : D

2. Which IPsec security mechanism ensures that if a hacker gains access to a session
key, that person cannot maintain access to that session indefinitely?
a. Replay detection
b. Periodic rekey
c. Perfect forward secrecy
d. Encapsulating Security Payload

Answer : C

3. True or false: The IKEv2 keyring functionality allows for the pre-shared key to be set
on a neighbor-by-neighbor basis.
a. True
b. False

Answer : A

4. True or false: Enabling IPsec tunnel encryption involves the configuration of the
IKEv2 profile and its association to a tunnel interface.

60
 Chapter 20 : Securing DMVPN Tunnels

a. True
b. False

Answer : B

5. Which command enables IPsec encryption on an tunnel interface?

a. tunnel protection ipsec profi le profi le-name
b. ipsec protection profi le profi le-name
c. crypto map map-name ipsec-isakmp interface interface-id
d. crypto map map-name tunnel tunnel-id ipsec-isakmp

Answer : A

6. A router has just been configured with IPsec DMVPN tunnel protection and needs
to have the IPsec packet replay feature set the number of packets to 64. Which
command should be used?
a. crypto ipsec security-association replay window-size 64
b. ipsec security-replay window-size 64
c. ipsec window-size 64
d. None. The command is not needed.

Answer : D

61
 Chapter 21 : Troubleshooting ACLs and Prefix Lists

Chapter 21 : Troubleshooting ACLs and Prefix Lists

1. What is the correct order of operations for an IPv4 ACL?

a. Top-down processing, execute upon the longest match, implicit deny all
b. Execute upon the longest match, top-down processing, implicit deny all
c. Implicit deny all, immediate execution upon a match, top-down processing
d. Top-down processing, immediate execution upon a match, implicit deny all

Answer : D

2. What occurs to a packet when an ACL is applied to an interface but the packet
does not match any of the entries in the ACL?
a. It is forwarded.
b. It is flooded.
c. It is dropped.
d. It is buffered.

Answer : C

3. What does the following ACL entry accomplish when applied to an interface:
20 permit tcp 10.1.1.0 0.0.0.63 host 192.0.2.1 eq 23?
a. Permits Telnet traffic from the device with IP address 192.0.2.1 going to any
device with an IP address from 10.1.1.0 to 10.1.1.63
b. Permits Telnet traffic from any device with IP address from 10.1.1.0 to 10.1.1.63
going to the device with IP address 192.0.2.1
c. Permits SSH traffic from any device with IP address from 10.1.1.0 to 10.1.1.63
going to the device with IP address 192.0.2.1
d. Permits SSH traffic from the device with IP address 192.0.2.1 going to any device
with IP address from 10.1.1.0 to 10.1.1.63

Answer : B

62
 Chapter 21 : Troubleshooting ACLs and Prefix Lists

4. Which command successfully filters ingress traffic using ACL 100 on an interface?
a. access-group 100 in
b. access-class 100 in
c. ip access-group 100 in
d. ip traffic-filter 100 in

Answer : C

5. What is the correct order of operations for an IPv6 ACL?

a. Immediate execution upon a match, implicit permit icmp nd, implicit deny all,
top-down processing
b. Top-down processing, immediate execution upon a match, implicit permit icmp
nd, implicit deny all
c. Top-down processing, implicit permit icmp nd, immediate execution upon a
match, implicit deny all
d. Implicit permit icmp nd, top-down processing, immediate execution upon a
match, implicit deny all

Answer : B

6. What happens if you add the following entry to the end of an IPv6 ACL: deny ipv6
any any log? (Choose two.)
a. All traffic is denied and logged.
b. All traffic that does not match an entry in the ACL is denied and logged.
c. ICMP Neighbor Discovery messages are implicitly permitted.
d. ICMP Neighbor Discovery messages are denied.

Answer : B and D

7. Which command successfully filters egress traffic using an IPv6 ACL named ENARSI
on an interface?
a. access-group ENARSI out
b. access-class ENARSI out

63
 Chapter 21 : Troubleshooting ACLs and Prefix Lists

c. ipv6 access-group ENARSI out

d. ipv6 traffic-filter ENARSI out

Answer : D

8. Which IP prefix list matches only the default route?

a. ip prefix-list ENARSI permit 0.0.0.0/0 le 32
b. ip prefix-list ENARSI permit 0.0.0.0/0 ge 32
c. ip prefix-list ENARSI permit 0.0.0.0/0 ge 1
d. ip prefix-list ENARSI permit 0.0.0.0/0

Answer : D

9. Which IP prefix list matches all routes?

a. ip prefix-list ENARSI permit 0.0.0.0/0 le 32
b. ip prefix-list ENARSI permit 0.0.0.0/0 ge 32
c. ip prefix-list ENARSI permit 0.0.0.0/0 ge 1
d. ip prefix-list ENARSI permit 0.0.0.0/0

Answer : A

10. What routes match the following prefix list: ip prefix-list ENARSI seq 35 deny
192.168.0.0/20 ge 24 le 28?
a. Routes with an address from 192.168.0.0 to 192.168.15.255 with a subnet mask of
24 to 28
b. Routes within the 192.168.0.0/20 subnet with a subnet mask greater than 24 and
less than 28
c. Routes with the subnet ID and mask 192.168.0.0/20
d. Routes with an address from 192.168.0.0 to 192.168.15.255 with a subnet mask of
24 or 28

Answer : A

64
 Chapter 22 : Infrastructure Security

Chapter 22 : Infrastructure Security

1. Which command successfully configures a user-defined method list on a Cisco IOS

device that uses the database on the device if the external server is not available for
authentication?

a. aaa authentication login default local group radius

b. aaa authentication login default group radius local

c. aaa authentication login REMOTE_ACCESS local group radius

d. aaa authentication login MANAGEMENT_ACCESS group radius local

Answer : D

2. Your Cisco router is configured with the following command:aaa authentication

login default group radius local What will occur during login if the local database
does not contain any username and password when it is checked?

a. The RADIUS server will be used for authentication.

b. Authentication will fail.

c. The user will be granted access.

d. The line password will be used.

Answer : B

3. Your router is configured as follows:

R1# show run | i aaa|username

aaa new-model

username ENARSI password 0 EXAM

R1# show run | s vtyline vty 0 4

65
 Chapter 22 : Infrastructure Security

password cisco transport input all

R1#

Based on the configuration, what will occur when someone uses Telnet to reach the
router?

a. Authentication will fail because there is no AAA method list.

b. The user will be required to use the line password cisco.

c. The user will be required to use the username ENARSI with the password EXAM.

d. The user will be granted access either with the username ENARSI with the pass-
word EXAM or with the line password cisco.

Answer : C

4. Which of the following commands would you use if you needed uRPF to match the
return interface with the incoming interface and a default route?

a. ip verify unicast source reachable-via rx allow-default

b. ip verify unicast source reachable-via any allow-default

c. ip verify unicast source reachable-via any allow-default 111

d. ip verify unicast source reachable-via rx allow-self-ping

Answer : A

5. Which of the following commands would you use for uRPF if the traffic flow were
asynchronous?

a. ip verify unicast source reachable-via rx allow-default

b. ip verify unicast source reachable-via rx

c. ip verify unicast source reachable-via any

d. ip verify unicast source reachable-via rx allow-self-ping

66
 Chapter 22 : Infrastructure Security

Answer : C

6. Which of the following commands would you use to verify the number of packets
that have conformed to a specific class map that you are using for CoPP?

a. show access-list

b. show class-map

c. show policy-map

d. show policy-map control-plane

Answer : D

7. How is a policy map processed?

a. All at once, matching the best class map.

b. From top down, matching the first class map that applies.

c. From bottom up, matching the first class map that applies.

d. They are not processed; the class map is processed.

Answer : B

8. What happens when traffic does not match any of the user-defined class maps
specified in the policy map?

a. It is ignored.

b. It is dropped.

c. It is transmitted.

d. It is subject to the policy defined in the default class.

67
 Chapter 22 : Infrastructure Security

Answer : D

9. Which IPv6 First-Hop Security feature is used to block unwanted RA messages?

a. RA Guard

b. DHCPv6 Guard

c. IPv6 ND inspection/snooping

d. Source Guard

Answer : A

10. Which IPv6 First-Hop Security feature is able to validate the source of IPv6 traffic
and, if the source is not valid, block it?

a. RA Guard

b. DHCPv6 Guard

c. IPv6 ND inspection/snooping

d. Source Guard

Answer : D

68
 Chapter 23 : Device Management and Management Tools Troubleshooting

Chapter 23 : Device Management and Management

Tools Troubleshooting

1. Which of the following are the default serial terminal settings for a Cisco router or
switch? (Choose two.)
a. 9600 baud
b. 16 data bits
c. 1 stop bit
d. Parity

Answer : A and C

2. Which command enables you to define which protocols will be used for remote
access to a Cisco device using vty lines?
a. transport input
b. login
c. login local
d. Exec

Answer : A

3. Which command enables you to specify that SSH access will be authenticated
using the local database?
a. login
b. login local
c. login authentication default
d. transport input ssh

Answer : B

4. The following command has been typed on a Cisco IOS router: copy
http://10.0.3.8/cisco_ios_files/c3900-universalk9-mz.SPA.156-3.M6a.bin flash:c3900-
universalk9-mz.SPA.156-3.M6a.bin
What will this accomplish?

69
 Chapter 23 : Device Management and Management Tools Troubleshooting

a. A configuration fi le will be copied from a web server to the router.

b. An IOS image will be copied from the router to the web server.
c. An IOS image will be copied from the web server to the router.
d. A configuration fi le will be copied from a router to a web server.

Answer : C

5. Timestamps are not appearing with syslog messages on your router. What is most
likely the reason for this?
a. NTP is not configured correctly.
b. The router has the wrong time set, according to the show clock output.
c. The no service timestamps command was executed on the router.
d. You have not used the terminal monitor command.

Answer : C

6. Which of the following is a valid SNMP security level that provides authentication
using a hashing algorithm such as SHA and encryption using an encryption algorithm
such as AES?
a. noAUTHnoPRIV
b. AUTHnoPRIV
c. AUTHPRIV
d. PRIV

Answer : C

7. In which of the following situations would you require an IP SLA responder?

a. Testing one-way delay for voice packets
b. Testing connectivity for a floating static route
c. Testing connectivity for First-Hop Resiliency Protocol
d. Testing round-trip time with an ICMP echo

Answer : A

70
 Chapter 23 : Device Management and Management Tools Troubleshooting

8. Which command is used to verify the version of NetFlow that has been configured
on a router?
a. show ip flow export
b. show ip flow Interface
c. show ip flow cache
d. show flow record

Answer : A

9. Which command is used to verify the flow exporter that has been assigned to a
flow monitor?
a. show flow Interface
b. show flow exporter
c. show flow monitor
d. show flow record

Answer : C

10. Which Cisco DNA Center Assurance tool graphically shows the path that
applications and services running on a client take through all the devices on the
network to reach the destination?
a. Application Experience
b. Device 360
c. Client 360
d. Path Trace

Answer : D

71